diff options
Diffstat (limited to 'init-sh')
-rwxr-xr-x | init-sh/level0.sh | 7 | ||||
-rwxr-xr-x | init-sh/level1.sh | 7 | ||||
-rwxr-xr-x | init-sh/level2.sh | 7 | ||||
-rwxr-xr-x | init-sh/level3.sh | 7 | ||||
-rwxr-xr-x | init-sh/level4.sh | 7 | ||||
-rwxr-xr-x | init-sh/level5.sh | 7 | ||||
-rw-r--r-- | init-sh/lib.sh | 9 |
7 files changed, 27 insertions, 24 deletions
diff --git a/init-sh/level0.sh b/init-sh/level0.sh index 9d81a72..8d09aff 100755 --- a/init-sh/level0.sh +++ b/init-sh/level0.sh @@ -63,8 +63,7 @@ echo -e "\t- Security warning in syslog : no." # /etc/profile export SECURE_LEVEL=0 echo "Setting secure level variable to 0 :" -AddRules "SECURE_LEVEL=0" /etc/profile -AddRules "SECURE_LEVEL=0" /etc/zprofile +AddRules "SECURE_LEVEL=0" /etc/profile.d/msec echo "Setting umask to 002 (u=rw,g=rw,o=r) :" AddRules "umask 002" /etc/profile @@ -72,9 +71,9 @@ AddRules "umask 002" /etc/zprofile echo "Adding \"non secure\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet -AddRules "export PATH SECURE_LEVEL" /etc/profile +AddRules "export PATH" /etc/profile AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/zprofile quiet -AddRules "export PATH SECURE_LEVEL" /etc/zprofile +AddRules "export PATH" /etc/zprofile # Xserver echo "Allowing users to connect X server from everywhere :" diff --git a/init-sh/level1.sh b/init-sh/level1.sh index be3537f..99ce8a3 100755 --- a/init-sh/level1.sh +++ b/init-sh/level1.sh @@ -63,8 +63,7 @@ echo -e "\t- Security warning in syslog : no." # /etc/profile export SECURE_LEVEL=1 echo "Setting secure level variable to 1 :" -AddRules "SECURE_LEVEL=1" /etc/profile -AddRules "SECURE_LEVEL=1" /etc/zprofile +AddRules "SECURE_LEVEL=1" /etc/profile.d/msec echo "Setting umask to 002 (u=rw,g=rw,o=r) :" AddRules "umask 002" /etc/profile @@ -72,9 +71,9 @@ AddRules "umask 002" /etc/zprofile echo "Adding \"non secure\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet -AddRules "export PATH SECURE_LEVEL" /etc/profile +AddRules "export PATH" /etc/profile AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/zprofile quiet -AddRules "export PATH SECURE_LEVEL" /etc/zprofile +AddRules "export PATH" /etc/zprofile # Xserver echo "Allowing users to connect X server from localhost :" diff --git a/init-sh/level2.sh b/init-sh/level2.sh index 20c6306..b2fd33f 100755 --- a/init-sh/level2.sh +++ b/init-sh/level2.sh @@ -64,8 +64,7 @@ echo -e "\t- Security warning in syslog : yes." # /etc/profile export SECURE_LEVEL=2 echo "Setting secure level variable to 2 :" -AddRules "SECURE_LEVEL=2" /etc/profile -AddRules "SECURE_LEVEL=2" /etc/zprofile +AddRules "SECURE_LEVEL=2" /etc/profile.d/msec echo "Setting umask to 022 (u=rw,g=r,o=r) :" AddRules "umask 022" /etc/profile @@ -73,9 +72,9 @@ AddRules "umask 022" /etc/zprofile echo "Adding \"normal\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet -AddRules "export PATH SECURE_LEVEL" /etc/profile +AddRules "export PATH" /etc/profile AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet -AddRules "export PATH SECURE_LEVEL" /etc/zprofile +AddRules "export PATH" /etc/zprofile # Xserver echo "Allowing users to connect X server from localhost :" diff --git a/init-sh/level3.sh b/init-sh/level3.sh index 760ae31..6d41afc 100755 --- a/init-sh/level3.sh +++ b/init-sh/level3.sh @@ -71,8 +71,7 @@ AddRules "0 4 * * * root /usr/share/msec/security.sh" /etc/crontab # /etc/profile export SECURE_LEVEL=3 echo "Setting secure level variable to 3 :" -AddRules "SECURE_LEVEL=3" /etc/profile -AddRules "SECURE_LEVEL=3" /etc/zprofile +AddRules "SECURE_LEVEL=3" /etc/profile.d/msec echo "Setting umask to 022 (u=rw,g=r,o=r) :" AddRules "umask 022" /etc/profile @@ -80,9 +79,9 @@ AddRules "umask 022" /etc/zprofile echo "Adding a \"normal\" PATH variable : " AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet -AddRules "export PATH SECURE_LEVEL" /etc/profile +AddRules "export PATH" /etc/profile AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet -AddRules "export PATH SECURE_LEVEL" /etc/zprofile +AddRules "export PATH" /etc/zprofile # Do not boot on a shell AllowReboot diff --git a/init-sh/level4.sh b/init-sh/level4.sh index 356f629..62aa2d6 100755 --- a/init-sh/level4.sh +++ b/init-sh/level4.sh @@ -81,8 +81,7 @@ AddRules "0 4 * * * root /usr/share/msec/security.sh" /etc/crontab # Server update echo "Setting secure level variable to 4 :" -AddRules "SECURE_LEVEL=4" /etc/profile -AddRules "SECURE_LEVEL=4" /etc/zprofile +AddRules "SECURE_LEVEL=4" /etc/profile.d/msec export SECURE_LEVEL=4 @@ -111,9 +110,9 @@ AddRules "if [[ \${UID} == 0 ]]; then umask 022; else umask 077; fi" /etc/zprofi echo "Adding \"normal\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet -AddRules "export PATH SECURE_LEVEL" /etc/profile +AddRules "export PATH" /etc/profile AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet -AddRules "export PATH SECURE_LEVEL" /etc/zprofile +AddRules "export PATH" /etc/zprofile if [[ -f /lib/libsafe.so.1.3 ]]; then echo "Enabling stack overflow protection :" diff --git a/init-sh/level5.sh b/init-sh/level5.sh index 13b02bb..c894b44 100755 --- a/init-sh/level5.sh +++ b/init-sh/level5.sh @@ -91,8 +91,7 @@ LoaderUpdate; # Disable all server : echo "Setting secure level variable to 5 :" -AddRules "SECURE_LEVEL=5" /etc/profile -AddRules "SECURE_LEVEL=5" /etc/zprofile +AddRules "SECURE_LEVEL=5" /etc/profile.d/msec IFS=" " @@ -121,9 +120,9 @@ AddRules "umask 077" /etc/zprofile echo "Adding \"normal\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/profile quiet -AddRules "export PATH SECURE_LEVEL" /etc/profile +AddRules "export PATH" /etc/profile AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/zprofile quiet -AddRules "export PATH SECURE_LEVEL" /etc/zprofile +AddRules "export PATH" /etc/zprofile if [[ -f /lib/libsafe.so.1.3 ]]; then diff --git a/init-sh/lib.sh b/init-sh/lib.sh index 25711e9..9fb580f 100644 --- a/init-sh/lib.sh +++ b/init-sh/lib.sh @@ -333,6 +333,15 @@ else chmod 755 /etc/X11/xinit.d/msec fi + +if [[ -f /etc/profile.d/msec ]]; then + CleanRules /etc/profile.d/msec +else + touch /etc/profile.d/msec + chmod 755 /etc/profile.d/msec +fi + + echo -e "\nStarting to reconfigure the system : " # For all secure level echo "Setting spoofing protection : " |